Based on experience, it seems that the majority of companies in developing countries who are implementing risk management do not get the added value that they expect. This is often because they are attempting to import risk management from a different cultural setting, from developed to developing parts of the world.
In many cases, it makes sense to begin by bringing in a system from a developed country, rather than starting from the beginning to build something new. But how can organisations in developing countries avoid the threats that come with importing a risk management approach from elsewhere? These steps will help:
- Self-awareness. Knowing ourselves will help us to develop a more realistic approach to managing risk. We should study our history to discover how risk has been considered and managed in the past, and we should look for particular cultural influences that might affect how we perceive risk.
- Real Needs. What exactly do we need? Organizations in developing countries often look at others elsewhere and say: “They have implemented this system, so we want it too.” But copying others can lead us to adopt systems that fail to add value for our company. We must start by understanding what we really need from risk management, and then design an approach to meet it. We can define our needs by interviewing stakeholders or analysing weaknesses in our current systems. We should not merely copy the risk approach from others without being sure that it will help us in our specific setting.
- Preparation. We need to understand what level of infrastructure is needed to support risk management, and determine whether our people have the necessary understanding, knowledge and skills to implement it. Many companies in developing countries try to implement risk management without having the necessary infrastructure or skills in place.
- Step by Step. It is natural to want to progress quickly, but we must be realistic and not fool ourselves on how fast we can implement a new approach, especially when it is imported from a different culture. Instead we should take one step at a time. First, we need a process that supports realistic risk identification, with reliable assessment of likelihoods and impacts, and development of effective responses. Then we can develop appropriate tools and training to support the process. Finally, we might decide to include quantitative analysis of risks if that is needed. Trying to jump too far in one go might leave us in a deep hole.
- Localization. If we import a risk approach from outside, we should take steps to tailor it to be compatible with our local culture, both in our country and in our organization. For example, in some cultures it might be best to gather risk information through group brainstorming, whereas individual interviewing might be better in another culture. Some cultures find it hard to identify threats while others might be blind to opportunities. Risk is viewed as a technical competence in some organizations where others see it as strategic.
By understanding our history and culture, distinguishing our real needs, putting the required risk infrastructure and skills in place, moving step by step, and tailoring the risk approach to meet the local setting, we can improve our chances of obtaining value from importing a risk management approach from a more developed country.
[© Copyright April 2018, David Hillson/Risk Doctor Limited]